Category: Security

“There is no substitute for proactive Security”

Much as you would love to believe that you are safe, you are not. Chances are that a new vulnerability was discovered a few weeks after you patched your servers. We can take the pain out of managing security for you through our security-centric services.

Bolstered by our vast experience in securing and resurrecting mission-critical servers and over 6 years of core system administration and implementation work, we provide you with a comprehensive, one-stop server security solution.

Unlike those fancy “consultants” who charge you a million bucks and leave you scared and sweating, we have been in the field, grappled with real issues and patched real servers (not the ones in a lab or in a textbook). We have what it takes to make your servers “really” safe. We don’t just tell you what your problems are; we go the whole nine yards and “fix it”, so you can sit back and relax.

As stated earlier, we do not restrict ourselves to the activities listed above. We take each case on a one-to-one basis, evaluate it and suggest a solution that we can provide and that you would want from us. So please feel free to contact us.

This howto covers setting up TMDA on a per-user basis (not everyone will appreciate having their incoming mail intercepted for sender confirmation, so it is better to enable it only for those users on your server who ask for it). It assumes Postfix is the MTA.

Once this is done, send a test mail to imtiaz@domain from another address. It should result in an automatic reply asking you, the sender, to confirm. Once you confirm, your sending address is whitelisted and you can send without further confirmation until the user, Imtiaz, removes your address from his confirmed list.

This writeup illustrates how you can enable secure roaming access to an SMTP server while simultaneously adding a further layer of security to your Postfix mail server. Not 100% guaranteed to keep thieves at bay, but very effective.

It works on the principle that if you have an account on the server, you are authorized to relay through that server. So if you can authenticate yourself to the POP daemon, you’re allowed to send mail using the SMTP server running on the same machine. Otherwise relaying is refused.

Assumes you’re using Dovecot for POP3/IMAP access and Postfix as the MTA.
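One way to wire this up, added here as an example and not taken from the original post: Postfix hands SMTP AUTH credentials to Dovecot's authentication service over a Unix socket, so the same username and password that work for POP3/IMAP are what permit relaying. The Dovecot 2.x service syntax, the socket path under Postfix's queue directory, the use of postconf to edit main.cf, and the requirement that a TLS certificate is already configured for smtpd are assumptions. The older pop-before-smtp variant (temporarily trusting the IP that just logged into POP) is a different mechanism and is not what this shows.

```shell
#!/bin/sh
# Added example (not from the original post): let Postfix accept SMTP AUTH
# by asking Dovecot to verify the credentials, so anyone who can log in to
# POP3/IMAP may relay, and nobody else. Assumptions: Dovecot 2.x config
# syntax, Postfix's queue directory at /var/spool/postfix, and TLS already
# set up for smtpd (smtpd_tls_cert_file/smtpd_tls_key_file), which
# smtpd_tls_auth_only relies on so passwords never cross the wire in clear.

DOVECOT_CONF_D="${DOVECOT_CONF_D:-/etc/dovecot/conf.d}"   # assumed layout

# Postfix main.cf settings, one "key = value" per line, in postconf -e form.
postfix_relay_settings() {
    cat <<'EOF'
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
EOF
}

# Dovecot side: publish the auth service on a socket Postfix can reach from
# inside its chroot; "private/auth" above resolves to this path.
dovecot_auth_service() {
    cat <<'EOF'
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
EOF
}

# Ordering check. Postfix evaluates a restriction list left to right and
# stops at the first permit or reject, so permit_sasl_authenticated must
# appear before reject_unauth_destination; appended after it, authenticated
# roaming users are refused exactly like an open-relay probe. Returns 0 if
# the order is right, 1 otherwise. (On Postfix 2.10+ the relay policy lives
# in smtpd_relay_restrictions and the same rule applies there.)
restrictions_ok() {
    printf '%s\n' "$1" | awk -F'[, =]+' '
        { for (i = 1; i <= NF; i++) {
              if ($i == "permit_sasl_authenticated") p = i
              if ($i == "reject_unauth_destination") r = i } }
        END { exit !(p && r && p < r) }'
}

# Apply on the mail server (run as root), refusing a misordered policy.
apply_relay_auth() {
    policy="$(postfix_relay_settings | grep '^smtpd_recipient_restrictions')"
    restrictions_ok "$policy" || {
        echo "refusing: permit_sasl_authenticated must precede reject_unauth_destination" >&2
        return 1
    }
    postfix_relay_settings | while IFS= read -r line; do
        postconf -e "$line"
    done
    dovecot_auth_service > "$DOVECOT_CONF_D/99-postfix-auth.conf"
    doveadm reload && postfix reload
}

# Usage on the server:  apply_relay_auth
# Then test from a roaming host: an unauthenticated session to port 25 must
# get "Relay access denied" for a foreign recipient, and the same session
# after STARTTLS + AUTH with a POP3 username/password must be accepted.
```

Because `restrictions_ok` is a plain function, it can also be pointed at the live value (`restrictions_ok "$(postconf -h smtpd_recipient_restrictions)"`) to audit an existing server before touching it.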

This is a quick and dirty howto on setting up a firewall, a brute-force detection/prevention mechanism and an anti-DoS system on your dedicated Linux server.
Assumes root access.

APF

APF is a policy-based iptables firewall system designed for ease of use and configuration.

mkdir $HOME/src
cd $HOME/src
wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
tar -xvzf apf-current.tar.gz
cd apf-0.9.6-1/
./install.sh
vi /etc/apf/conf.apf
(edit the IG_TCP_CPORTS line and add the inbound TCP ports you need, e.g. 22 for SSH, 25 for SMTP, 80 for HTTP, 110/143 for POP3/IMAP. Also check DEVEL_MODE: while it is set to 1, apf flushes its rules every five minutes from cron so a mistake cannot lock you out of the box; set it to 0 only once you have confirmed you can still log in with the firewall running)

/etc/init.d/apf start

AntiDOS

Antidos is a log-parsing script made for r-fx.org’s APF (Advanced Policy Firewall). Its purpose is to parse specific log formats for network attacks against a given system and take certain actions.

vi /etc/apf/ad/conf.antidos
(edit the config for alerts and other options)
/etc/init.d/apf restart

BFD

BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet, and likewise it is very straightforward in its installation, configuration and usage. The reason behind BFD is very simple: there are few, if any, authentication and brute-force auditing programs in the Linux community that work in conjunction with a firewall or real-time facility to place bans.
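As an added example (not BFD's own code), here is the detection logic the paragraph describes, reduced to its core: count sshd authentication failures per source address over a constructed sample of log lines, skip an ignore list of trusted hosts (the role BFD's ignore list plays), and emit the `apf -d` deny command that would place the ban. The log format is the standard OpenSSH "Failed password for ... from <ip> port ..." line; the sample entries, the threshold, the ignore list and the dry-run default are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of BFD: the core of what a brute-force detector
# does, with constructed sshd log lines embedded so it runs offline.

# Constructed sample of /var/log/secure (auth.log on Debian) entries.
# 203.0.113.5 fails five times, 192.0.2.44 twice, 198.51.100.7 (the admin's
# own host) once after a successful key login.
SAMPLE_LOG='Jan 10 10:01:02 mail sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jan 10 10:01:04 mail sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Jan 10 10:01:06 mail sshd[2105]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jan 10 10:01:07 mail sshd[2107]: Accepted publickey for imtiaz from 198.51.100.7 port 40022 ssh2
Jan 10 10:01:09 mail sshd[2109]: Failed password for root from 203.0.113.5 port 51244 ssh2
Jan 10 10:01:10 mail sshd[2111]: Failed password for invalid user test from 203.0.113.5 port 51250 ssh2
Jan 10 10:01:12 mail sshd[2113]: Failed password for imtiaz from 198.51.100.7 port 40030 ssh2
Jan 10 10:01:30 mail sshd[2115]: Failed password for root from 192.0.2.44 port 60001 ssh2
Jan 10 10:01:31 mail sshd[2117]: Failed password for root from 192.0.2.44 port 60002 ssh2'

BFD_IGNORE="${BFD_IGNORE:-198.51.100.7}"   # assumed trusted host, never banned
DRY_RUN="${DRY_RUN:-1}"                    # 1 = print the ban commands only

# Read log lines on stdin; print "count ip" for every source with at least
# $1 failed password attempts, most active first.
bfd_offenders() {
    awk -v t="$1" '
        /sshd\[[0-9]+]: Failed password for / {
            # The username part is attacker-controlled, so take the LAST
            # "from <addr>" pair: sshd appends the real peer address after it.
            ip = ""
            for (i = 1; i <= NF; i++)
                if ($i == "from" && $(i+1) ~ /^[0-9A-Fa-f.:]+$/) ip = $(i+1)
            if (ip != "") n[ip]++
        }
        END { for (ip in n) if (n[ip] >= t) print n[ip], ip }
    ' | sort -rn
}

# Turn offenders into APF deny rules (apf -d HOST COMMENT), honouring the
# ignore list so a mistyped password from your own workstation never
# firewalls you out.
bfd_ban() {
    bfd_offenders "$1" | while read -r count ip; do
        case " $BFD_IGNORE " in *" $ip "*) continue ;; esac
        if [ "$DRY_RUN" = 1 ]; then
            echo "apf -d $ip bfd:$count failed sshd logins"
        else
            apf -d "$ip" "bfd: $count failed sshd logins"
        fi
    done
}

# Offline demo:   printf '%s\n' "$SAMPLE_LOG" | bfd_ban 3
# On a real box:  tail -n 5000 /var/log/secure | DRY_RUN=0 bfd_ban 10
```

Run from cron every few minutes against a window of the log, this is the loop BFD automates; the ignore list and the threshold are the two knobs worth thinking about before turning `DRY_RUN` off, since a too-low threshold bans legitimate users who fat-finger a password and a missing ignore entry bans the administrator.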